diff options
author | Thomas Willingham <founder@kakste.com> | 2014-04-12 18:13:37 +0100 |
---|---|---|
committer | Thomas Willingham <founder@kakste.com> | 2014-04-12 18:13:37 +0100 |
commit | cdc8454cf112006e4199b6221bcaa3c3a509b564 (patch) | |
tree | 267293b7f5536bda899324af8913549baf4c4c72 /vendor/sabre/dav/lib/Sabre/DAV/Client.php | |
parent | 2fdcd0c27eac389709f48d6b40723e153c1492e6 (diff) | |
download | volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.tar.gz volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.tar.bz2 volse-hubzilla-cdc8454cf112006e4199b6221bcaa3c3a509b564.zip |
Update sabre
Diffstat (limited to 'vendor/sabre/dav/lib/Sabre/DAV/Client.php')
-rw-r--r-- | vendor/sabre/dav/lib/Sabre/DAV/Client.php | 13 |
1 files changed, 11 insertions, 2 deletions
diff --git a/vendor/sabre/dav/lib/Sabre/DAV/Client.php b/vendor/sabre/dav/lib/Sabre/DAV/Client.php index b9cf043a2..1cec8ff6f 100644 --- a/vendor/sabre/dav/lib/Sabre/DAV/Client.php +++ b/vendor/sabre/dav/lib/Sabre/DAV/Client.php @@ -10,7 +10,7 @@ namespace Sabre\DAV; * * NOTE: This class is experimental, it's api will likely change in the future. * - * @copyright Copyright (C) 2007-2013 fruux GmbH (https://fruux.com/). + * @copyright Copyright (C) 2007-2014 fruux GmbH (https://fruux.com/). * @author Evert Pot (http://evertpot.com/) * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License */ @@ -314,7 +314,11 @@ class Client { CURLOPT_RETURNTRANSFER => true, // Return headers as part of the response CURLOPT_HEADER => true, - CURLOPT_POSTFIELDS => $body, + + // For security we cast this to a string. If somehow an array could + // be passed here, it would be possible for an attacker to use @ to + // post local files. + CURLOPT_POSTFIELDS => (string)$body, // Automatically follow redirects CURLOPT_FOLLOWLOCATION => true, CURLOPT_MAXREDIRS => 5, @@ -526,7 +530,12 @@ class Client { $body = XMLUtil::convertDAVNamespace($body); + // Fixes an XXE vulnerability on PHP versions older than 5.3.23 or + // 5.4.13. + $previous = libxml_disable_entity_loader(true); $responseXML = simplexml_load_string($body, null, LIBXML_NOBLANKS | LIBXML_NOCDATA); + libxml_disable_entity_loader($previous); + if ($responseXML===false) { throw new \InvalidArgumentException('The passed data is not valid XML'); } |